JLSEC-2026-94 — Vulnetix

JLSEC-2026-94 PUBLISHED

In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields.

Affected Products

Vendor	Product	Versions
Julia	Kerberos_krb5_jll	0, 0

Timeline

Apr 13, 2026 CVE Published
Apr 13, 2026 CVE Updated

References

https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef url
https://web.mit.edu/kerberos/www/advisories/ url
https://security.netapp.com/advisory/ntap-20241108-0009/ url
https://security.netapp.com/advisory/ntap-20250124-0010/ url

Open in Interactive Console →